At 00:30 13/09/2005, Frank Ellermann wrote:
Given that the group seem to think that 'reject' is better than 'bounce', I
have a question.
We have an email content validation system which can reject messages based
on content (viruses,spam etc). On some PCs this can take over a minute to
process certain messages.
I know RFC 2821 (4.5.3.2) says that this SHOULD be OK, as the 'post DATA'
timeout SHOULD be 10 minutes or so - but no one reads the RFCs, so we find
many SMTP senders will time out at a minute or less at this point. This can
cause messages to be retransmitted over and over again.
We're trying to decide what to do about this. The 'easiest' thing to do is
to accept the message if it's going to take over 30 seconds to process, and
generate a 'bounce' later if necessary - but I don't like that because of
faked sender addresses.
I guess other people here have had the same sort of problems, so are there
any better alternatives?
I'm thinking of generating '250-please wait' multiline response lines every
30 seconds or so whilst the message is being processed, with a final '250
OK' or '550 message rejected because of ...' line.
But, am I being over optimistic expecting SMTP senders to be able to handle
multiline responses any place other than after an EHLO command?
Also, what happens if the last line of a multiline response has a different
response code to previous lines (eg "250-" followed by "550 ")?
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/